CVE-2012-3512

EPSS 0.08%

munin - security update

Published: 11/21/2012Modified: 4/28/2026

Description

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.

Affected packages (2)

Debian/muninfrom 0, < 2.0.6-1
Debian/muninfrom 0, < 1.4.5-3+deb6u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-3512